Typical – the first recent virus that does damage to the users local files as opposed to just launching a DOS attack or act as a zombie (which the firewall would have prevented) and this is the one that the user gets infected with, AND with no backup of their data!
The cost to us was a days downtime whilst I had the users pc shipped to the office to work on, 5 hours of my time to hack the box to change the administrator password (as this was set by a previous company and I wasn’t bringing the machine online to change the password over the network!),run the av software check (which took about 3 hours to run), run adaware to remove the spyware (gator) on the machine and check for windows updates (remarkably uptodate!) I also had to run a complete network sweep which REALLY slowed everyone’s machine for about an hour – and all because updates were less than a day old and someone was daft enough to open a weirdly named attachment. In their defence the file did look a .txt file due to large amounts of spaces and changing the icon to look like a .txt file instead of a .exe file
Back in the office today after an extended 4 day visit to a customer (which was only scheduled for one day!) I decided to check that the NAV definitions were up to date (which they were) and to double check they would detect the Netsky.B virus. After waiting about 3 or 4 minutes for the list of virus’s that Norton detects (wouldn’t it be nice to have a search function?) to load I was able to confirm it did detect them. I then checked my mailbox and found a letter from Symantec, dated the 18th, which arrived this morning (20th) telling me about the virus. I thought the whole point of these Virus Bulletins was to give you a head start on possible infections, not notification two/three days after you read about it everywhere else and even the 4 year old from next door is asking your opinion on it (not really – hes more like 44 years old)
I’d come across the Stinger utility from Network Associates Inc. but didn’t know what it was. Apparently its a utility that will assist you in removing the latest virus’ from your computer – all in one .exe file. Although no substitute for av software it would make a good tool to have on a usb disk/floppy/cd to take to peoples machines when they ring up as they’ve been infected.
Interesting post from Netcraft on how Microsoft and SCO could be planning to sort out the Denial of Service likely to happen on Sunday when the latest virus starts to attack. Apparently last time round Microsoft used Akamai to split the load – but they use Linux so it wasn’t a good PR move to host Microsoft.com on a linux box – and how is SCO going to cope if they won’t use Linux either (after all they’d then have to sue themselves.
and you get a rapidly spreading virus – or so the news would have us believe. We’ve had one instance so far with the subject “Hi”, with an attachment of “kjywtjhgnbw.exe”. The body of the email contains Test =) lfcdlfaorget
–Test, yep. Now if you got an email like this would you click on the .exe file?
That virus alert I posted the other day has now been classified as w32.bugbros@mm which sounds more like a bug in a movie.
We’ve now started to get alerts that Mimail infected emails are coming in. Fortunately we’re detecting and deleting the attachments but I’m hoping it doesn’t eat too much of our bandwidth up. In the meantime the status of the threats can be seen at Symantec Security Response. When will these infected people learn?
Looks like there might be a new virus doing the rounds as I’ve received several bounces where i’m the “reply to” field in the email. The body of the email contains different subjects, so far i’ve had “your password”, sophos virus removal tools, ie6 patch etc… The good news is that I think I know who got infected with this one.
when you open your first email after starting Outlook, you see the error message Error: “VPMSECE.DLL could not be installed or loaded. It may be missing or there may not be enough resources.” The error message may or may not reference a location, as in: “C:\Program Files\NavNT\vpmsece.dll could not be installed or loaded. It may be missing or there may not be enough resources.”
The documented solution is to uninstall the symantec security client, delete extend.dat (search your computer for this file) and start outlook. If this doesn’t work, reinstall outlook (in my case office). There is no way I was going to uninstall office and then reinstall it so I went hunting.
10 minutes later I had a solution.
A quick search on the registry for vpmsece.dll comes up with LDVP under hklm\software\microsoft\exchange\client\extensions. Disabling LDVP under tools/options/other/Advanced Options/AddInManager and restarting Outlook and everything was ok. Re-enabling the extension and the problem re-occurs.
Deleting the registry entry hklm\software\microsoft\exchange\client\extensions\LDVP and restarting outlook means I don’t get the error message and the LDVP addon is not listed in the registry.
I then installed Symantec Client Security again and all seems to be ok. The cryptic LDVP has been replaced with SavCorp810 in the extension manager which is a lot easier to work out what the extension is.